GNOME is proud to have launched the Outreach Program for Women and seen it grow beyond our wildest expectations. We wish it best of luck and continue to support it as it joins Software Freedom Conservancy as Outreachy.﻿

It is no secret that we've been interested in sandboxed applications for a while. It is evident here, here, here or here, to name just a few. What may not be widely known yet is that we have been working on putting together a working implementation of these ideas. Alexander Larsson has made ...

I need to renew my driver's license. I noticed I can pay online, which would save me a lot of time, so I happily entered the Ministry of Transportation website. I did not end up renewing my license.

Even if I ignore the hideous design and the terrible UX, the thing that bothered me the most was that the connection was not encrypted, no TLS, only plain text HTTP.

Obviously I'm not going to type my ID number, license number, date of birth and credit card number over plain text HTTP, so I poked around a bit. The first thing I tried was to just change http to https, to see if they have TLS, but firefox gave me the "connection reset" error.

I searched and found their security FAQ page claims they have SSL, so I fiddled around a bit and discovered that they use SSLv3 with the RC4 cipher, which is, of course, well known to be easily decipherable and insecure (Firefox gave me the connection reset error because I installed the Mozilla extension to block SSLv3, but newer versions of Firefox will block it by default).

I decided to try and poke a bit more, so I set the minimum SSL version to SSLv3 in my browser just for few minutes, only to discover they use an untrusted certificate.

Now, it might be that if I type my ID number, license number and date of birth I'll get transferred to a 3rd party credit card processing page which has a trusted certificate and proper TLS, but I didn't try - ID number, date of birth and license number are not things I'm going to type over an insecure connection for obvious reason.

Now instead of conveniently renewing my license from the comfort of my own computer, I need to go to a mall which is not accessible by public transportation and use an automated machine (which I don't know if I can trust) or go stand in line at the bank.

You should try and tell them about it. I don't beleive it will help but you can never know.I would like to know their answer, may be we can make them understand that this is an important matter to at least some of us by making a system that will do all the work securely and show that people use it, in time, they might understand the importance (worked on other occations, with the train if I'm not mistaken)﻿

We’re happy to announce that the 2015 edition of GUADEC will be held in Gothenburg, Sweden from August 7 – 9, at Folkets Hus conference center. The conference is not just for developers; everyone is welcome and we hope to see as many people as possible!﻿

fedora-desktop-list used to have a (relatively) decent signal to noise ratio as far as mailing lists of big projects go, but every since Fedora Workstation became a thing the amount of noise in that list keeps increasing :/﻿

tracker developers think it's acceptable to dump hundred of megabytes of texts from all my PDF files into the system log. This is ridiculous.

They have a patch that would prevent it from happening. They won't merge it because "it should never happen".

But bugs exist in every piece of software. Software breaks frequently. The least you can do is when it breaks, make sure it breaks gracefully.

Dumping hundreds of megabytes of text into my system log is not considering handling things gracefully. It means my system log would be harder to navigate and read, it means my log will bloat faster than it should.

Also consider this: the data dumped into the log is contents from PDF files all over the system. That's not just ebooks! sensitive medical/financial documents, legal document, paychecks, and other types of documents you'd want to keep private would be dumped into the log. This means every time there's a problem and I need to post my log, I need to validate bits of my documents didn't find their way into the log. This means that on a multi-user system any user who has access to the system log would have access to everyone's PDF files.

This is not OK. And besides, if you have a bug in something making a query, you really don't need the full text of Discworld to debug it, right? So why not limit the output?﻿

+Kamil Páral Yeah, it's obvious that bug isn't the experience we'd like. Building the experience we'd like is hard, and I hate that we've stuck that in and said "welp, it should never happen", but I don't have the power or the will to change it.﻿

Those who have spoken to me know that I'm not a big fan of packages for shipping software. Once upon a time, I was wowed that I could simply emerge blender and have a full 3D modelling suite running in a few minutes, without the fuss of wizards or unchecking boxes seeing the README.

I think G+ is suggesting me to join weird "communities" just to make me think the data google has on me is inaccurate. I mean, seriously, they just offered me to join EMACS and FreeBSD "communities". Ridiculous.﻿